I have been thinking about the same process, but have decided, instead of
using a password, to have an access uuid as the key, and the app can send that
to log in to the web2py site. You can then have your code create the cookies
or whatever is required based on the uuid, etc.

On Tue, Feb 14, 2012 at 8:32 AM, smogzer <smog...@gmail.com> wrote:

> I'm doing a C++ framework and I want to remotely log in to web2py, for
> simplification libcurl style.
> Problem is that the bare login requires plain-text or just base64-encoded
> password transmission; in short, it is vulnerable to a man-in-the-middle
> attack that may compromise the user passwords.
>
> So what I want to achieve is to log in to web2py in a method similar to
> what Pandora uses, that is something like:
>
> l:  login
> p: hash of (l+p)
>
> What would be the "patch" required to allow this kind of login into web2py?
> I'm guessing adding an extra sha1 password Field in auth table, some
> onPassword_creation onPassword_modification, and the registration events.
>



-- 
Regards,
Bruce Wade
http://ca.linkedin.com/in/brucelwade
http://www.wadecybertech.com
http://www.warplydesigned.com
http://www.fitnessfriendsfinder.com
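
An added example, not part of the original messages and not web2py code: one way to implement the access-uuid key described in the reply above, using only the Python standard library. The `AccessKeyStore` class, its method names and the sample logins are hypothetical; the key is a bearer credential, so it still has to travel over TLS.

```python
import hashlib
import hmac
import uuid


class AccessKeyStore:
    """Hypothetical server-side store: login -> digest of its access key."""

    def __init__(self):
        self._digests = {}  # only SHA-256 digests are kept, never the key

    @staticmethod
    def _digest(key: str) -> str:
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, login: str) -> str:
        """Create a fresh random key, return it once, keep only its digest."""
        key = uuid.uuid4().hex  # random (version 4) UUID, 122 random bits
        self._digests[login] = self._digest(key)
        return key

    def verify(self, login: str, presented: str) -> bool:
        """Constant-time comparison; unknown logins follow the same code path."""
        expected = self._digests.get(login, self._digest(""))
        match = hmac.compare_digest(expected, self._digest(presented))
        return match and login in self._digests

    def revoke(self, login: str) -> None:
        """Invalidate a key (lost device) without touching the user's password."""
        self._digests.pop(login, None)


def demo():
    """Run the issue / verify / revoke cycle on constructed sample logins."""
    store = AccessKeyStore()
    key = store.issue("alice")
    results = [
        store.verify("alice", key),       # correct key
        store.verify("alice", "0" * 32),  # wrong key
        store.verify("bob", key),         # unknown login
    ]
    store.revoke("alice")
    results.append(store.verify("alice", key))  # key no longer valid
    return results


if __name__ == "__main__":
    print(demo())
```
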
